Batch Permission Check

Check up to 100 permissions in a single request.

The batch check endpoint evaluates multiple permissions for a single user in one request. It deduplicates by adminId internally for efficiency.

Endpoint

POST /api/v1/permissions/check-batch

Scope: permissions:check

Rate limit: 5,000/hr

Request body

Field	Type	Required	Description
adminId	string	Yes	The user to check permissions for
checks	array	Yes	Array of checks (max 100)
checks[].path	string	Yes	Permission path
checks[].action	string	Yes	Action to check
checks[].resource	object	No	Resource attributes for ABAC/ReBAC
context	object	No	Shared request context for all checks

curl

curl -X POST https://api.platformxe.com/api/v1/permissions/check-batch \
  -H "Content-Type: application/json" \
  -H "x-api-key: pxk_live_your_api_key_here" \
  -d '{
    "adminId": "user_xyz789",
    "checks": [
      { "path": "articles", "action": "read" },
      { "path": "articles", "action": "delete" },
      { "path": "settings", "action": "manage" }
    ]
  }'

SDK

const result = await px.permissions.checkBatch({
  adminId: 'user_xyz789',
  checks: [
    { path: 'articles', action: 'read' },
    { path: 'articles', action: 'delete' },
    { path: 'settings', action: 'manage' },
  ],
});

for (const check of result.data.results) {
  console.log(`${check.path}:${check.action} → ${check.allowed}`);
}

Response

{
  "success": true,
  "data": {
    "results": [
      { "path": "articles", "action": "read", "allowed": true, "source": "role" },
      { "path": "articles", "action": "delete", "allowed": false, "source": "none" },
      { "path": "settings", "action": "manage", "allowed": false, "source": "override_deny" }
    ]
  }
}

Each result includes the same source field as a single check. See Permission Check for the full list of source values.

Error responses

Code	Description
BAD_REQUEST	More than 100 checks, or missing required fields
FORBIDDEN	API key missing permissions:check scope
RATE_LIMITED	Exceeded 5,000 checks/hr limit